Do Home Workers Present a Security Risk to Your Business IT Network?

March 14 2016

The combination of rapid technological advancement and the extension of flexible working rights in the UK has led to a huge increase in the number of people working from home some, or all, of the time. The most recent figures show that there are a record 4.2 million homeworkers in the UK, which amounts to a significant 13.9% of the workforce.

Homeworking is an increasingly attractive option for both individuals and businesses. From an individual’s perspective, it provides a greater degree of flexibility and can aid a better work-life balance. From a business perspective, a remote workforce is often thought to be more creative and productive. By employing home workers, businesses can also reduce overheads considerably.

However, there is a dark side to this trend. By exposing their organisation’s networks to the home networks and personal devices of their employees, businesses are potentially putting themselves at risk.

In this article, we consider whether home workers present a security risk to their company’s IT network. We assess the significance of the risk and, most importantly, consider what can be done to mitigate it.

Generally speaking, business IT networks are much more secure than the average home network. Businesses need to invest in network security in order to protect the data of their organisation, their employees and their clients. But, with the increasing flow of data and devices between home and business networks, comes increased difficulty in controlling the security of information.

There are two sides to the problem: that of employees taking company devices and connecting to their home networks and that of employees bringing personal devices into work and connecting to the company network. The latter is a rising problem often associated with the growing trend of BYOD (bring your own device) policies within organisations.

By targeting employees personal accounts and home networks, hackers wishing to gain access to a business network are able to bypass the stronger corporate security measures in place in a company’s premises. The increasing movement of devices between locations is making this easier than ever before.

Home networks can represent a hostile threat and need to be treated as such. The problem is that many people are unaware of the security pitfalls within their home networks.

One of the main issues lies with the increasing number of web-enabled devices within our homes.

The Internet of Things (IoT) is a hot topic right now, that gets many people excited, but the reality is that a large number of these devices present significant security risks, acting as unwitting gateways to the networks they connect to. From smart TVs and printers through to security cameras, baby monitors, digital radios and even kitchen appliances, there are a growing number of household devices that have the capacity to connect to the Wi-Fi network and, therefore, provide a way in for the hackers.

It’s not uncommon for people to forget that they ever connected certain devices to their network when they initially set them up, and this is the worry.

It’s becoming increasingly clear that many of the devices making up the Internet of Things have unknown bugs in the software that lead to vulnerabilities. Manufacturers of many of these devices are not providing the necessary security updates, some are not reacting adequately when problems are reported and they are either unwilling or unable to resolve the issue.

Essentially, not enough effort is being made to find and fix the bugs in these devices.

But, it’s not just the Internet of Things that’s cause for concern when it comes to the security of home networks. Another part of them problem lies in the behaviour of individuals as well as attitudes towards internet security, which so often reflect complacency. Despite the increasing occurrence of data breaches and cyber-crime that are frequently reported in the news, many of us still fail to take basic steps to protect our networks.

The easiest route, by far, for hackers to gain access to a network is via email and this is often where people get caught out. Malicious email campaigns are often very carefully targeted, with emails appearing to be from people the victim knows, or sources they are likely to respond to. Just because an email looks authentic, doesn’t mean it is.

Individuals need to be vigilant online and wary of opening email attachments.

As a company, one of the best measures you can take to protect your data security is to educate your employees.

Tips for individuals:

• Change default admin names and passwords on the router

• Use different passwords for each account and passwords that are of a good strength, including upper and lower case letters, numbers and symbols

• Turn off Wi-Fi Protected Setup (WPS) as it’s known to be insecure

• Always keep operating systems, browsers and other software up to date on all devices (PCs, laptops, tablets and mobile phones) including those at home – easier said than done when the business doesn’t own or control them!

• Always use professional, business-quality anti-virus software and a firewall and keep these updated

• Always be suspicious of emails bearing attachments, even if they appear to be from people you know

• Turn off web interfaces, where possible, on devices that don’t need to be connected to the network

• When working at home, set the network to “public”, rather than “trusted” as this will provide a greater degree of security

• Do not let door to door sales people or other third parties connect to your home network

Educating your employees will go a long way to mitigating the risks associated with exposing your company to home networks, but it is only part of the solution. When implementing flexible working and BYOD policies, you need to ensure that security is properly planned and managed.

Protecting company devices exposed to home networks

• Insist that company devices be used only for appropriate business purposes

• Consider locking the operating system to prevent individuals from installing their own software – this is increasingly best practice

• Limit the exposure to home networks by restricting the privilege to only those for whom it is necessary

• Install internet filtering software on company devices to prevent individuals from using sites that are inappropriate and potentially dangerous

• Consider having dual-boot areas on company devices, with separate operating systems for business and personal use with a firewall between the two

• Ensure that appropriate, business quality firewalls and anti-virus software and installed and kept up to date on all devices

• Keep operating systems and other software up to date on all company devices

Protecting your network against exposure to personal devices

This is somewhat harder; given that the devices are owned by the individuals, there are restrictions to the level of control that you can reasonably have over them. However, there are still steps that can be taken to protect your business network:

• First and foremost, consider whether it is necessary at all to allow individuals to connect personal devices to your business network. If not, ban or block them.

• Consider disabling the majority of USB ports on devices in your premises, to protect your network against devices brought from employees’ homes into the office

• Set up a separate guest network for employees to use with personal devices

• When implementing a BYOD policy, ensure that you have a policy that is thoroughly thought through, including an acceptable use policy, and ensure that workers are adequately trained so that they understand the issues associated with internet security, as well as what is expected of them

Although it’s clear that home workers, or home networks more specifically, present a risk to your business IT network, the significance of this risk can be reduced by implementing the appropriate measures and ensuring that flexible working and BYOD policies are properly managed.